Earlier in the month, we heard that Android Police had uncovered a security flaw in some HTC handsets, akin to “leaving your keys under the mat and expecting nobody who finds them to unlock the door.”
HTC promised to address the issue post haste, and now Android Police reports that Sprint in the US has begun firing out a fix for the controversial flaw.
The back door potentially allowed malicious douche bags to access private information, such as email addresses, GPS locations, the phone log, and SMS data.
Responding to the initial claims, the Taiwanese manufacturer conceded: “while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application.
“So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
“HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers.”
Now HTC is making good on that promise. Folks with one of the countless (er, four) Evo variants will receive the update OTA. Those with an HTC Thunderbolt (essentially the US HTC Desire HD) will get the fix bundled with Gingerbread (Android 2.3) goodness.